Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 #8742

Merged
merged 2 commits into from
Oct 30, 2024
Merged

[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 #8742

merged 2 commits into from
Oct 30, 2024

Conversation

AMoo-Miki
Copy link
Collaborator

Description

[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0

NOTE: While this is categorized as a low severity security-wise, the annoyance it could cause administrators of OSD might be big.

Changelog

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@AMoo-Miki
[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0
11962a9 
Signed-off-by: Miki <miki@amazon.com>
@AMoo-Miki AMoo-Miki added cve Security vulnerabilities detected by Dependabot or Mend v2.18.0 backport 2.18 labels Oct 29, 2024
@codecov Codecov
Copy link

codecov bot commented Oct 29, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.75%. Comparing base (c66b698) to head (251d333).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #8742      +/-   ##
==========================================
- Coverage   60.75%   60.75%   -0.01%     
==========================================
  Files        3798     3798              
  Lines       90682    90682              
  Branches    14271    14271              
==========================================
- Hits        55092    55090       -2     
- Misses      32093    32094       +1     
- Partials     3497     3498       +1
Flag Coverage Δ
Linux_1 29.06% <ø> (ø)
Linux_2 56.39% <ø> (ø)
Linux_3 37.60% <ø> (-0.01%) ⬇️
Linux_4 29.82% <ø> (ø)
Windows_1 29.07% <ø> (ø)
Windows_2 56.34% <ø> (ø)
Windows_3 37.60% <ø> (ø)
Windows_4 29.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@kavilla kavilla merged commit e7533a9 into opensearch-project:main Oct 30, 2024
70 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 30, 2024
@github-actions @opensearch-changeset-bot
[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 (#8742)
decf835 
* [CVE-2024-48948] Bump `elliptic` from 6.5.7 to 6.6.0

Signed-off-by: Miki <miki@amazon.com>

* Changeset file for PR #8742 created/updated

---------

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
(cherry picked from commit e7533a9)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Oct 30, 2024
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 30, 2024
@github-actions @opensearch-changeset-bot
[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 (#8742)
2b02c56 
* [CVE-2024-48948] Bump `elliptic` from 6.5.7 to 6.6.0

Signed-off-by: Miki <miki@amazon.com>

* Changeset file for PR #8742 created/updated

---------

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
(cherry picked from commit e7533a9)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Oct 30, 2024
Merged
kavilla pushed a commit that referenced this pull request Oct 30, 2024
@opensearch-trigger-bot @github-actions @opensearch-changeset-bot
[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 (#8742) (#8760)
d37cc23 
* [CVE-2024-48948] Bump `elliptic` from 6.5.7 to 6.6.0



* Changeset file for PR #8742 created/updated

---------



(cherry picked from commit e7533a9)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
kavilla pushed a commit that referenced this pull request Oct 30, 2024
@opensearch-trigger-bot @github-actions @opensearch-changeset-bot
[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 (#8742) (#8761)
6b49593 
* [CVE-2024-48948] Bump `elliptic` from 6.5.7 to 6.6.0



* Changeset file for PR #8742 created/updated

---------



(cherry picked from commit e7533a9)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
amsiglan pushed a commit to amsiglan/OpenSearch-Dashboards that referenced this pull request Nov 1, 2024
@AMoo-Miki @opensearch-changeset-bot @amsiglan
[CVE-2024-48948] Bump elliptic from 6.5.7 to 6.6.0 (opensearch-proj…
d887570 
…ect#8742)

* [CVE-2024-48948] Bump `elliptic` from 6.5.7 to 6.6.0

Signed-off-by: Miki <miki@amazon.com>

* Changeset file for PR opensearch-project#8742 created/updated

---------

Signed-off-by: Miki <miki@amazon.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ananzh ananzh ananzh approved these changes

@kavilla kavilla kavilla approved these changes

@ashwin-pc ashwin-pc Awaiting requested review from ashwin-pc ashwin-pc is a code owner

@joshuarrrr joshuarrrr Awaiting requested review from joshuarrrr joshuarrrr is a code owner

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@manasvinibs manasvinibs Awaiting requested review from manasvinibs manasvinibs is a code owner

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@Flyingliuhub Flyingliuhub Awaiting requested review from Flyingliuhub Flyingliuhub is a code owner

@curq curq Awaiting requested review from curq curq is a code owner

@bandinib-amzn bandinib-amzn Awaiting requested review from bandinib-amzn bandinib-amzn is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@BionIT BionIT Awaiting requested review from BionIT BionIT is a code owner

@xinruiba xinruiba Awaiting requested review from xinruiba xinruiba is a code owner

@zhyuanqi zhyuanqi Awaiting requested review from zhyuanqi zhyuanqi is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@LDrago27 LDrago27 Awaiting requested review from LDrago27 LDrago27 is a code owner

@virajsanghvi virajsanghvi Awaiting requested review from virajsanghvi virajsanghvi is a code owner

@sejli sejli Awaiting requested review from sejli sejli is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@huyaboo huyaboo Awaiting requested review from huyaboo huyaboo is a code owner

Assignees
No one assigned
Labels
backport 2.x backport 2.18 cve Security vulnerabilities detected by Dependabot or Mend distinguished-contributor v2.18.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AMoo-Miki @kavilla @ananzh